2442 matches found
Mozilla: Defense against multiple Location headers due to CRLF Injection (MFSA 2011-39)
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting...
CVE-2011-3000
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting...
Multiple vulnerabilities in AWStats
Hello 3APA3A! I want to warn you about multiple security vulnerabilities in AWStats. These are Cross-Site Scripting, Redirector, SQL Injection, HTTP Response Splitting and CRLF Injection vulnerabilities in AWStats in awredir. AWStats includes script Advanced Web Redirector awredir.pl. There were...
AWStats 7.0 / 6.0 SQL Injection / Cross Site Scripting / CRLF Injection
No description provided by source. Vulnerable are all versions of AWStats 6.0, 7.0 and previous versions. Details: AWStats includes script Advanced Web Redirector awredir.pl. There were already found by trev and tx XSS and Redirector vulnerabilities in awredir.pl in 2008...
AWStats 7.0 / 6.0 SQL Injection / Cross Site Scripting / CRLF Injection
Hello list! I want to warn you about multiple security vulnerabilities in AWStats. These are Cross-Site Scripting, Redirector, SQL Injection, HTTP Response Splitting and CRLF Injection vulnerabilities in AWStats in awredir. Affected products: ...
Toko Lite CMS 1.5.2 - edit.php HTTP Response Splitting
Toko Lite CMS 1.5.2 edit.php HTTP Response Splitting Vulnerability Vendor: Toko Product web page: http://toko-contenteditor.pageil.net Affected version: 1.5.2 Summary: Toko Web Content Editor cms is a compact, multi language, open source web...
Toko Lite CMS 1.5.2 - HTTP Response Splitting / Cross-Site Scripting
source: https://www.securityfocus.com/bid/49673/info Toko LiteCMS is prone to an HTTP-response-splitting vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script cod...
Toko Lite CMS 1.5.2 (edit.php) HTTP Response Splitting Vulnerability
Summary: Toko Web Content Editor cms is a compact, multi language, open source web editor and content management system CMS. It is advanced, easy to use, yet fully featured program that can be integrated with any existing site. It takes 2 minutes to install even for non technical users. Description...
Toko Lite CMS 1.5.2 HTTP Response Splitting
Toko Lite CMS 1.5.2 edit.php HTTP Response Splitting Vulnerability Vendor: Toko Product web page: http://toko-contenteditor.pageil.net Affected version: 1.5.2 Summary: Toko Web Content Editor cms is a compact, multi language, open source web editor and content management system CMS. It is advance...
Toko Lite CMS 1.5.2 - 'edit.php' HTTP Response Splitting
Toko Lite CMS 1.5.2 edit.php HTTP Response Splitting Vulnerability Vendor: Toko Product web page: http://toko-contenteditor.pageil.net Affected version: 1.5.2 Summary: Toko Web Content Editor cms is a compact, multi language, open source web editor and content management system CMS. It is advance...
Toko Lite CMS 1.5.2 - HTTP Response Splitting Cross-Site Scripting
source: https://www.securityfocus.com/bid/49673/info Toko LiteCMS is prone to an HTTP-response-splitting vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An...
Toko Lite CMS 1.5.2 (edit.php) HTTP Response Splitting Vulnerability
Exploit for php platform in category web applications Toko Lite CMS 1.5.2 edit.php HTTP Response Splitting Vulnerability Vendor: Toko Product web page: http://toko-contenteditor.pageil.net Affected version: 1.5.2 Summary: Toko Web Content Editor cms is a compact, multi language, open source web...
[SECURITY] [DSA 2301-1] rails security update
Debian Security Advisory DSA-2301-1 http://www.debian.org/security/ Luciano Bello September 5, 2011 http://www.debian.org/security/faq ...
CVE-2011-3186
CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header...
CVE-2011-3186
CVE-2011-3186 is a CRLF injection vulnerability in Rails 2.3.x, exploitable via the Content-Type header in actionpack/lib/action_controller/response.rb, allowing an attacker to inject arbitrary HTTP headers and perform HTTP response splitting. The issue affects Rails 2.3.x up to 2.3.12; a fix was...
ATutor 2.0.2 Multiple Vulnerabilities
Exploit for php platform in category web applications Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 2.0.2 build r10589 Summary: ATutor is an Open Source Web-based Learning Content Management System LCMS designed with accessibility and...
ATutor 2.0.2 HTTP Response Splitting
ATutor 2.0.2 lang HTTP Response Splitting Vulnerability Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 2.0.2 build r10589 Summary: ATutor is an Open Source Web-based Learning Content Management System LCMS designed with accessibility and...